Re: Frontends to administer servers
Dan Ros wrote:
-----Original Message----- From: Adrian 'Dagurashibanipal' von
(personal note: I'd not use mysql, but postgresql instead. YMMV.)
Generally: use whatever technology you know already. This means I
have a heavy anti-LDAP bias, but I know SQL quite well. For others,
this may mean that they'll use LDAP since they know how to set it
up and run it.
I think for what you want, both technologies can be used without
big problems, so it really comes down on how much time do you spend
learning the tools. (As for authentication: yes, there are many
LDAP backends for server applications. But there are many sql
backends for server applications, too.)
I am also trying to decide between ldap and [my]sql for a centralised
authentication and management system.
Seems to be that on the plus side for ldap, it has fairly mature
application interfaces and pre-existing data structures for things
like bind zonefiles. On the minus side i don't know anything about it
and it may be inflexible.
on the plus side you can also add the simplicity of database
replication and that you can use your ldap user directory also for your
mail clients (addressbook).
Mysql has the obvious advantage that coding up a php interface to it
all is very easy and I can write scripts to grab data out of the
database and create local config files from that.
there's no difference to LDAP. the php-ldap interface is pretty good and
well documented, the perl interface is also good, and it's no problem
to generate all things you like out of ldap.
On the minus side thats prone to flakiness and inconsistencies and
the pam_mysql module is woefully devoid of nss support and some other
I'm wavering towards the path of putting a bit of time in to learn
LDAP and going for a proper solution (instead of bunch-of-scripts
mysql solution) which should be more extensible and scalable in the
long term. Personally though I don't see why LDAP is any better than
a properly constructed database, other than the application
interfaces that already exist.
i guess there must be some reason why eDirectory, ADS and Domino use
I personally like the replication process and ldap _is_ optimized for
search access. LDAP authentication and other things (mail aliases, ...)
are pretty easy to implement in almost any software...
\\\ ||| /// _\=/_
( @ @ ) (o o)
| Markus Schabel TGM - Die Schule der Technik www.tgm.ac.at |
| IT-Service A-1200 Wien, Wexstrasse 19-23 net.tgm.ac.at |
| email@example.com Tel.: +43(1)33126/316 |
| firstname.lastname@example.org Fax.: +43(1)33126/154 |
| FSF Associate Member #597, Linux User #259595 (counter.li.org) |
| oOOo Yet Another Spam Trap: oOOo |
| ( ) oOOo email@example.com ( ) oOOo |
+--------\ (----( )--------------------------\ ( -----( )-----+
\_) ) / \_) ) /
Computers are like airconditioners:
They stop working properly if you open windows.